An Experimental Analysis of the WPA3 Protocol in IoT Devices
Wi-Fi technology plays a crucial role in the advancement of IoT across various domains, from homes to industries. However, the inherent nature of wireless channels, cost constraints, and the limited computational power of IoT devices raise concerns regarding security. In this work, we conducted an experimental analysis to verify how the most common development platforms used in the IoT domain support the new security mechanisms introduced by WPA3. To achieve this goal, we created a testing platform, using the open source programs called Hostapd and FreeRADIUS, that enables both the assessment of basic features of WPA3-Personal and WPA3-Enterprise, and the latest SAE-PK and Transition Disable (TD) functionalities. As test subjects, we selected: a Cypress board, an ESP32-based unit, the Raspberry Pi 4 and the Pi Pico W. The results of our analysis were both disappointing and unexpected. Only the Cypress and ESP32 boards enable WPA3-Personal, while solely the Pi 4 specifically addresses WPA3-Enterprise when directly configured with Wpa-supplicant. Instead, the Pico W completely lacks support for WPA3 and, furthermore, for WPA2-Enterprise. Regarding remaining features, only the ESP32 supports SAE-PK, but we found flaws in TD implementation. These findings are significant as they highlight the limitations and vulnerabilities present in the Wi-Fi module frameworks used by a substantial portion of connected devices available on the market, underscoring the need for further research and improvements in IoT security protocols
Low-delay high-rate operation of 802.11ac WLAN downlink: Nonlinear controller analysis & design
In this paper we present a novel nonlinear control design for regulating the aggregation level in 802.11 WLANs so as to ensure robust low-delay operation at high data rates. The controller compensates for system nonlinearities and so can be used for the full range of WLAN operation. We develop an implementation of the nonlinear control design and use this to evaluate performance using both simulations and hardware measurements
Enhanced Self-Synchronized Reduced Media-Independent Interface for Robotic and Automotive Applications
The increasing pervasiveness of control systems used in robotic and automotive applications requires the installation of a growing number of sensors and actuators. In parallel to the downsizing of all the components, new techniques for tracing versatile printed circuit boards (PCBs) are emerging: A 3-D molded interconnection device, for example, creates the opportunity to reduce up to 75% of weight by combining a single-layer PCB with mechanical parts. Getting rid of unnecessary wires, hence, becomes indispensable, and new on-board interfaces with fewer pins must be designed. This article proposes a novel encoding scheme and the corresponding interface that reduces the number of wires between automotive Ethernet (100BASE-T1) MAC and PHY down to 2 and corrects up to 37.8% of single-bit errors. As this interface can be clocked at 33.33 MHz, it does not require differential transmitters, receivers, or any other special block, and for this reason, it can be easily implemented on a small-sized field-programmable gate array
Low-Delay Proportional Fair Rate Allocation for 802.11ac WLAN Downlink
In this paper we consider a next generation edge architecture where traffic is routed via a proxy located close to the network edge (e.g. within a cloudlet). This creates freedom to implement new transport layer behaviour over the wireless path between proxy and clients. We use this freedom to develop a novel approach to achieving high rate, low latency communication on the downlink. This works by adjusting the send rates to clients so as to regulate the aggregation level of transmitted frames which in turn robustly regulates the queueing delay at the AP. We derive the low-delay proportional fair rate allocation in the presence of aggregation and using this consider primal-dual and PI controller approaches for achieving the low-delay proportional fair rate allocation. We find that the primal-dual approach is fragile in the sense that it is sensitive to modelling errors, and in contrast the PI controller approach is much more robust. We present numerical simulation results evaluating the performance
Passive device-free multi-point CSI localization and its obfuscation with randomized filtering
The use of Channel State Information (CSI) as a means of sensing the environment through Wi-Fi communications, and in particular to locate the position of unaware people, is moving from feasibility studies to high precision applications. The work we present in this paper explores how the use of multiple localization receivers can enhance the precision and robustness of device-free CSI-based localization with a method based on a state-of-the-art Convolutional Neural Network. Next we discuss how a randomized pre-filtering at the transmitter can hide the information that the CSI carries on the location of one person indoors, formalizing the manipulation technique. Results are presented discussing two different ways of exploiting the multi-receiver redundancy and how, in any case, properly randomized pre-distortion at the transmitter can prevent localization even if the attack is carried out with multiple localization devices (receivers controlled by the attacker)
Hey ChatGPT, Is This Message Phishing?
This paper investigates the effectiveness of AI-based tools, with a focus on utilizing ChatGPT as a test platform, in email phishing detection, addressing the pressing need to combat this pervasive threat in the digital landscape. With phishing attacks causing substantial financial losses amounting to billions of dollars annually, innovative approaches are essential to mitigate their impact. We propose leveraging ChatGPT for email phishing detection, capitalizing on its machine learning and natural language processing capabilities to classify emails based on nuanced patterns and variations in phishing techniques. Unlike traditional rule-based approaches, AI-based tools offer a promising avenue for enhanced detection accuracy. Through rigorous testing focusing on binary mail classification, incorporating metrics such as accuracy, specificity, sensitivity, precision, and the F1 Score, ChatGPT demonstrates commendable performance, achieving an overall accuracy of 75.75% and an impressive sensitivity of 98.4%. These findings underscore the potential of AI-based tools as valuable assets in mitigating phishing threats. Comparison with FortiSandbox, a widely-used solution, reveals promising potential for AI-based tools, albeit with recognition of the need for further development and refinement. Our evaluation, encompassing various aspects of .eml file analysis, highlights both the strengths and limitations of AI-based tools in identifying phishing emails. While this research lays a strong foundation for leveraging AI-based tools in email phishing detection, there exist opportunities for improvement. Addressing identified limitations and exploring future research directions will be crucial in advancing the efficacy of AI-based tools and enhancing email security measures against cyber threats
One GPU to Snoop Them All: A Full-Band Bluetooth Low Energy Sniffer
Sniffing Bluetooth data sessions is considered a difficult task, because of the frequency-hopping channel access scheme this technology implements. In this paper we present a novel open-source sniffer that can monitor Bluetooth Low Energy (BLE) traffic on all channels in real time. The sniffer builds on a Software-Defined Radio (SDR) framework to capture the entire BLE spectrum and exploits Graphics Processing Unit (GPU) capabilities to channelize and process BLE traffic in real time. We show that our sniffer can easily and reliably detect active BLE connections, and infer their properties, including Access Address, CRC values and hopping sequences. From a general standpoint, we show that tracking many BLE data sessions at the same time becomes feasible even with relatively inexpensive equipment, as we are able to discover up to 24 simultaneous sessions within 80 ms on average
Non Intrusive Wi-Fi CSI Obfuscation Against Active Localization Attacks
Channel State Information (CSI) based localization with 802.11 has been proven feasible in multiple scenarios and is becoming a serious threat to people's privacy in work spaces, at home, and maybe even outdoors, even if outdoor experiments proving the feasibility are still not available. Countering unauthorized localization without hampering communications is a nontrivial task, although some very recent works suggest that it is feasible with marginal modification of the 802.11 transmission chain, but this requires modifying 802.11 devices. Furthermore, if the attacker controls two devices and not only a receiver, transmission side signal manipulation cannot help. This work explores the possibility of countering CSI based localization with an active device that, instead of jamming signals to avoid that a malicious receiver exploits CSI information to locate a person, superimposes on frames a copy of the same frame signal whose goal is not destroying reception as in jamming, but only obfuscating the location relevant information carried by the CSI. A prototype implementation and early results look promising; they show feasibility of location obfuscation with high efficiency and excellent preservation of communication performance, paving the road for further research and improved users' privacy
Exposing the CSI: A Systematic Investigation of CSI-based Wi-Fi Sensing Capabilities and Limitations
Thanks to the ubiquitous deployment of Wi-Fi hotspots, channel state information (CSI)-based Wi-Fi sensing can unleash game-changing applications in many fields, such as healthcare, security, and entertainment. However, despite one decade of active research on Wi-Fi sensing, most existing work only considers legacy IEEE 802.11n devices, often in particular and strictly-controlled environments. Worse yet, there is a fundamental lack of understanding of the impact on CSI-based sensing of modern Wi-Fi features, such as 160-MHz bandwidth, multiple-input multiple-output (MIMO) transmissions, and increased spectral resolution in IEEE 802.11ax (Wi-Fi 6). This work aims to shed light on the impact of Wi-Fi 6 features on the sensing performance and to create a benchmark for future research on Wi-Fi sensing. To this end, we perform an extensive CSI data collection campaign involving 3 individuals, 3 environments, and 12 activities, using Wi-Fi 6 signals. An anonymized ground truth obtained through video recording accompanies our 80-GB dataset, which contains almost two hours of CSI data from three collectors. We leverage our dataset to dissect the performance of a state-of-the-art sensing framework across different environments and individuals. Our key findings suggest that (i) MIMO transmissions and higher spectral resolution might be more beneficial than larger bandwidth for sensing applications; (ii) there is a pressing need to standardize research on Wi-Fi sensing because the path towards a truly environment-independent framework is still uncertain. To ease the experiments' replicability and address the current lack of Wi-Fi 6 CSI datasets, we release our 80-GB dataset to the community
AntiSense: Standard-compliant CSI obfuscation against unauthorized Wi-Fi sensing
Channel State Information (CSI)-based localization with 802.11 has been proven feasible in multiple scenarios and is becoming a serious threat to people's privacy in workplaces, at home, and maybe even outdoors. Countering unauthorized localization without hampering communications is a non-trivial task, although some very recent works suggest that it is feasible with marginal modification of the 802.11 transmission chain, but this requires modifying 802.11 devices. Furthermore, if the attacker controls two devices and not just a receiver, transmission side signal manipulation cannot help. This work explores the possibility of countering CSI based localization with an active device that, instead of jamming signals to avoid that a malicious receiver exploits CSI information to locate a person, superimposes on frames a copy of the same frame signal whose goal is not destroying reception as in jamming, but only obfuscating the location-relevant information carried by the CSI. A prototype implementation and early results look promising; they show the feasibility of location obfuscation with high efficiency and excellent preservation of communication performance, and indicate that the technique works both against passive attacks, where the attacker controls only a receiver, and active ones, where he/she controls both a transmitter and a receiver. These results pave the road for further research on smart spaces that preserve users’ privacy with a technical solution and not only via legal prescriptions
